Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
Applies to SUSE Linux Enterprise Server 11 SP4

16 Subscription Management

Any machine running SUSE Linux Enterprise Server 11 or SUSE Linux Enterprise Desktop 11 can be configured to register against local Subscription Management Tool server to download software updates instead of communicating directly with the Novell Customer Center and the NU servers. To use an SMT server for client registration and as a local update source, you must configure the SMT server in your network first. The SMT server software is distributed as an add-on for SUSE Linux Enterprise Server and its configuration is described in the Subscription Management Tool Guide. There is no need to install any add-on on the clients to be configured for registering against an SMT server.

To register a client against an SMT server, you need to equip the client with the server's URL. As client and server communicate via the HTTPS protocol during registration, you also need to make sure the client trusts the server's certificate. In case your SMT server is set up to use the default server certificate, the CA certificate will be available on the SMT server via HTTP protocol at http://FQDN/smt.crt. In this case you do not have to concern yourself with the certificate: the registration process will automatically download the CA certificate from there, unless configured otherwise. You must enter a path to the server's CA certificate if the certificate was issued by an external certificate authority.

Note
Note: Registering Against *.novell.com Subdomain

If you try to register against any *.novell.com subdomain, the certificate will not be downloaded during registration (for security reasons), and certificate handling will not be done. In such cases, use a different domain name or a plain IP address.

There are several ways to provide this information and to configure the client machine to use SMT. The first way is to provide the needed information via kernel parameters at boot time. The second way is to configure clients using an AutoYaST profile. There is also a script distributed with Subscription Management Tool, clientSetup4SMT.sh, which can be run on a client to make it register against a specified SMT server. These methods are described in the following sections:

16.1 Using Kernel Parameters to Access an SMT Server

Any client can be configured to use SMT by providing the following kernel parameters during machine boot: regurl and regcert. The first parameter is mandatory, the latter is optional.

regurl

URL of the SMT server. The URL needs to be in the following format: https://FQDN/center/regsvc/ with FQDN being the fully qualified hostname of the SMT server. It must be identical to the FQDN of the server certificate used on the SMT server. Example:

regurl=https://smt.example.com/center/regsvc/
regcert

Location of the SMT server's CA certificate. Specify one of the following locations:

URL

Remote location (http, https or ftp) from which the certificate can be downloaded. Example:

regcert=http://smt.example.com/smt.crt
Floppy

Specifies a location on a floppy. The floppy has to be inserted at boot time (you will not be prompted to insert it if it is missing). The value must start with the string floppy, followed by the path to the certificate. Example:

regcert=floppy/smt/smt-ca.crt
Local Path

Absolute path to the certificate on the local machine. Example:

regcert=/data/inst/smt/smt-ca.cert
Interactive

Use ask to open a pop-up menu during installation where you can specify the path to the certificate. Do not use this option with AutoYaST. Example:

regcert=ask
Deactivate Certificate Installation

Use done if either the certificate will be installed by an add-on product, or if you are using a certificate issued by an official certificate authority. Example:

regcert=done
Warning
Warning: Beware of Typing Errors

Make sure the values you enter are correct. If regurl has not been specified correctly, the registration of the update source will fail.

If a wrong value for regcert has been entered, you will be prompted for a local path to the certificate. In case regcert is not specified at all, it will default to http://FQDN/smt.crt with FQDN being the name of the SMT server.

Warning
Warning: Change of SMT Server Certificate

If the SMT server gets a new certificate from a new and untrusted CA, the clients need to fetch the new CA certificate file. This is done automatically with the registration process but only if a URL was used at installation time to retrieve the certificate, or if the regcert parameter was omitted and thus, the default URL is used. If the certificate was loaded using any other method (such as floppy or local path), the CA certificate will not be updated.

16.2 Configuring Clients Using AutoYaST Profile

Clients can be configured to register with SMT server via AutoYaST profile. For general information about creating AutoYaST profiles and preparing automatic installation, refer to Chapter 21, Automated Installation. In this section, only SMT specific configuration is described.

To configure SMT specific data using AutoYaST, follow these steps:

  1. As root, start YaST and select Miscellaneous › Autoinstallation to start the graphical AutoYaST front-end.

    From a command line, you can start the graphical AutoYaST front-end with the yast2 autoyast command.

  2. Open an existing profile using File › Open, create a profile based on the current system's configuration using Tools › Create Reference Profile, or just work with an empty profile.

  3. Select Support › Novell Customer Center Configuration. An overview of the current configuration is shown.

  4. Click Edit.

  5. To register while installing automatically, select Run Product Registration. You can include information from your system with Hardware Profile and Optional Information.

  6. Set the URL of the SMT Server and, optionally, the location of the SMT Certificate. The possible values are the same as for the kernel parameters regurl and regcert (see Section 16.1, “Using Kernel Parameters to Access an SMT Server”). The only exception is that the ask value for regcert does not work in AutoYaST, because it requires user interaction. If using it, the registration process will be skipped.

  7. Perform all other configuration needed for the systems to be deployed.

  8. Select File › Save As and enter a filename for the profile, such as autoinst.xml.

16.3 Configuring Clients Using the clientSetup4SMT.sh Script

The /usr/share/doc/packages/smt/clientSetup4SMT.sh script is provided with SMT. This script allows to configure a client machine to use a SMT server or to reconfigure it to use a different SMT server.

To configure a client machine to use SMT with the clientSetup4SMT.sh script, follow these steps:

  1. Copy the /usr/share/doc/packages/smt/clientSetup4SMT.sh script from your SMT server to the client machine.

  2. As root, execute the script on the client machine. The script can be executed in two ways. In the first case, the script name is followed by the registration URL: ./clientSetup4SMT.sh registration_URL, for example, ./clientSetup4SMT.sh https://smt.example.com/center/regsvc. In the second case, the script name is followed by the --host option followed by hostname of the SMT server: ./clientSetup4SMT.sh --host server_hostname, for example, ./clientSetup4SMT.sh --host smt.example.com.

    Important
    Important: The --host Parameter

    The hostname that needs to be provided with the --host parameter, needs to be the same name the certificate is issued for. Furthermore, if the name in the certificate is the fully qualified hostname (e.g. smt.example.com), it needs to be entered as such—entering the short name (smt) will cause the clientSetup4SMT.sh script to fail.

  3. The script downloads the server's CA certificate. Accept it by pressing y.

  4. The script performs all necessary modifications on the client. However, the registration itself is not performed by the script.

  5. Perform a registration by executing suse_register or running yast2 inst_suse_register module on the client.

16.4 Registering Clients Against SMT Test Environment

To configure a client to register against the test environment instead the production environment, modify /etc/suseRegister.conf on the client machine by setting:

register = command=register&testenv=1

For more information about using SMT with a test environment, refer to the Subscription Management Tool Guide.

Print this page